Abstract: Techniques are described herein that are capable of using entity name mapping for routing network traffic having encrypted SNI headers. A name resolution request that specifies an entity name is intercepted. Translation of the entity name to a representation of an IP address associated with the entity name is caused. A mapping that cross-references the representation of the IP address to the entity name is stored. A data transfer request that requests establishment of a connection to a destination corresponding to the representation of the IP address is intercepted. The data transfer request includes an encrypted SNI header and a payload. Establishment of the connection to the destination is initiated by providing the encrypted SNI header, the payload, and metadata toward the destination. The metadata includes the entity name based on the mapping.

Abstract: The devices and methods relate to web categorization of web requests. The devices and methods may perform a two-step classification of the web requests. The first classification may provide potential web categories for web request based on a fully qualified domain name (FQDN) of the web request. The first classification may be used to determine whether transport layer security (TLS) termination may be performed on the web request. The second classification may provide a web category for a uniform resource locator (URL) of the web request after performing the TLS termination. The web category may be used by a firewall in filtering web traffic for the web request.

Abstract: The devices and methods relate to web categorization of web requests. The devices and methods may perform a two-step classification of the web requests. The first classification may provide potential web categories for web request based on a fully qualified domain name (FQDN) of the web request. The first classification may be used to determine whether transport layer security (TLS) termination may be performed on the web request. The second classification may provide a web category for a uniform resource locator (URL) of the web request after performing the TLS termination. The web category may be used by a firewall in filtering web traffic for the web request.

Abstract: In a multi-tenant environment, machines across the Internet, belonging to a particular subscription are securely enrolled with the tenant's subscription. Authentication of the machines is delegated to each of the tenant's own on-premise authentication mechanism The trust relationship with the tenant's authentication service is used to validate the security token presented by the machine being authenticated. Once authenticated, the machine has authorization (e.g. SSL machine cert for identity, security token, etc.,) to access the subscription. Each tenant within the multi-tenant environment can provide its own level of authentication. The machine presents the security token to the multi-tenant environment for requests for resources (e.g. services/content) from a user. When a request is received from a machine to access a resource, the multi-tenant environment determines from the issued token whether or not the machine is authorized to access the requested resources.

Abstract: Individual role instance reachability and load balancing are simultaneously provided for role instances of an application running in a hosting environment. Instance endpoints may be assigned to each role instance. Each instance endpoint may comprise a combination of an IP address, a transport protocol, and a unique port number. Additionally, a load balanced endpoint may be assigned to the group of role instances. The load balanced endpoint may comprise a combination of an IP address, transport protocol, and another unique port number. When application messages are issued to the data center, the messages are routed in accordance with endpoints used by the messages. For an instance endpoint, the message is routed to a role instance corresponding with the instance endpoint without load balancing. For the load balanced endpoint, the message is routed to any one of the role instances using load balancing.

Abstract: In a multi-tenant environment, machines across the Internet, belonging to a particular subscription are securely enrolled with the tenant's subscription. Authentication of the machines is delegated to each of the tenant's own on-premise authentication mechanism The trust relationship with the tenant's authentication service is used to validate the security token presented by the machine being authenticated. Once authenticated, the machine has authorization (e.g. SSL machine cert for identity, security token, etc.,) to access the subscription. Each tenant within the multi-tenant environment can provide its own level of authentication. The machine presents the security token to the multi-tenant environment for requests for resources (e.g. services/content) from a user. When a request is received from a machine to access a resource, the multi-tenant environment determines from the issued token whether or not the machine is authorized to access the requested resources.